Capacity Planning
I have built a new environment. The requirement is to index 100 GB of data; what are the hardware requirements? How can I plan how much indexer volume to keep? How many Search heads are...
How to make the KV store port 8191 to listen to local IP only
As the title says, how to make the KV store port 8191 listen to local IP only? Or what's the guideline to harden this port? This document only suggests hardening this port, but not the steps....
single value display depending on value
Hi! I have a single value chart wherein I want to display a certain value if that value is not equal to zero. I have three values: BAD, WARNING, GOOD. When either each of these values turns to zero I...
Splunk DB Connect - Oracle connection facing issue while forwarding from...
Hi All, Installed Splunk DB Connect at forwarder, configuration like connections and data inputs configured but table logs are not getting captured. Facing below issue [QuartzScheduler_Worker-9] INFO...
Does Splunk Support drilldown within the same window/panel?
What I mean to ask is: 1) Would it be possible to have a chart (any) and when clicked on a value the chart changes/displays values relevant to the click in the same panel? 2) Also, if the fields are...
query to return rows in table based on count
I have a Splunk query that forms a table like this: Time Type Msg 10/1/2019 0:00 1 xyz 10/2/2019 0:00 2 xyz 10/3/2019 0:00 3 xyz 10/4/2019 0:00 4 xyz 10/5/2019 0:00 1 xyz 10/6/2019 0:00 1 xyz 10/7/2019...
Can anyone help me in xml.
Can anyone help me regarding this XML code? I am not getting the correct output. I have added the screenshot of the output and the CSV file. TEST enter code...
How to filter out Informational logs from Palo Alto
Hi there, I am trying to filter out Information logs from Palo Alto Firewall using REGEX with props and transforms.conf but it is not working. Help me with the correct REGEX. Thanks a lot! César
DGA & MLTK
As I installed the Splunk DGA App and Machine Learning Toolkit, I don't know how to use generated data of DGA app in my own network and in Machine Learning Toolkit. How to use algorithms in my indexed data ..
When to use batch learning, online learning (with Splunk) and offline...
Hi, I am new to Splunk. But in the past I have worked with Jupyter notebook doing machine learning. Specifically with static databases (.csv). I know Splunk is to convert unstructured data to a...
Splunk Addon for SQL server
I have installed the Splunk_TA_microsoft-sqlserver and the logs are showing the following error: 04-22-2019 09:10:58.180 -0500 ERROR TailingProcessor - Skipping stanza 'monitor://C:\Program...
Data model calculated field dependencies
Hi all, I am trying to use data models to extract a search time value from a lookup. However, the value I am using to join to the lookup table is extracted from the source. I have no other way to get...
Need help doing drilldown from linechart
Hello, I need to make a drilldown from a linechart (with a timespan of 7d), the thing is that the drilldown needs to go whenever (day, in time) the user clicked. The linechart also has 3 lines coming...
How to get configuration for specific application using REST api
Is there a REST API where I can get the inputs.conf for a specific application on my deployment server? I can get a list of all my applications using: curl -k...
finding it challenging to find the difference of two query results
Hi team, I have two queries as follows: **query1:** |inputlookup abc.csv |table file sla_time **query2:** index=xxx source=yyyy |table file2 **file2** values are a subset of **file** values. I want to...
query not showing all the expected results
Hello, I have a log file that contains the following rows (I'm showing only those relevant to my question) ><0> 11/04/19 08:05:58 : Head Optimization Wizard: Head 6, Next Voltage =...
Using an EVAL value to feed search statement
I'm trying to establish a field value or variable to be used in a subsequent search. I've stripped out the actual use case to protect data but something like this. TYPE is a field and has a token value...
Set token from specific row & field in a table
Ok, so I'm trying to consolidate some queries and one sticking point is that I've got an ugly base query chased by another doing an appendpipe to give me a summary row. Ideally I'd like it to be one...
How do you set action in Email CIM?
One of the fields in the Email CIM is action. From the Proofpoint-On-Demand pps_messagelog I want to change final_action to action. I've tried using the below in TA-pps_ondemand/local/props.conf...
Find all results between two dates (initial date and limit date).
Hi Splunkers! I have a field whose name is "Data Identificada"; all the values inside this field are strings and the format is d/m/y. I have to make a search that will return for me all the results...